rpms/shim-unsigned-x64
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Build shim-unsigned for CentOS Stream 10

Browse Source 
Related: RHEL-4391

Signed-off-by: Brian Stinson <bstinson@redhat.com>
This commit is contained in:
Brian Stinson 2024-11-18 08:41:21 -06:00
parent 93bc040f9f
commit 211a1650fe
7 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
redhatsecureboot502.cer
View File

Binary file not shown.

BIN
redhatsecurebootca5.cer
View File

Binary file not shown.

BIN
redhatsecurebootca8.cer
View File

Binary file not shown.

1
sbat.centos.csv Normal file
View File

@ -0,0 +1 @@
shim.centos,3,The CentOS Project,shim,15.8,security@centos.org
1 shim.centos 3 The CentOS Project shim 15.8 security@centos.org

1
sbat.redhat.csv
View File

@ -1 +0,0 @@
shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com
1 shim.redhat 3 Red Hat Inc shim 15.8 secalert@redhat.com

17
shim-unsigned-x64.spec
View File

@ -20,7 +20,7 @@
Name: shim-unsigned-%{efiarch}
Version: 15.8
Release: 2.el9
Release: 3.el10.centos
Summary: First-stage UEFI bootloader
ExclusiveArch: x86_64
License: BSD
@ -30,7 +30,7 @@ Source1: vendordb.esl
%if 0%{?dbxfile}
Source2: %{dbxfile}
%endif
Source3: sbat.redhat.csv
Source3: sbat.centos.csv
Source4: shim.patches
Source100: shim-find-debuginfo.sh
@ -42,6 +42,7 @@ BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl
BuildRequires: pesign >= %{pesign_vre}
BuildRequires: dos2unix findutils
BuildRequires: system-sb-certs
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a
@ -109,8 +110,8 @@ MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
MAKEFLAGS+="%{_smp_mflags}"
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
fi
%if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then
@ -130,8 +131,8 @@ MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMIT_ID=${COMMIT_ID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1} "
if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
fi
%if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then
@ -160,6 +161,10 @@ cd ..
%files debugsource -f build-%{efiarch}/debugsource.list
%changelog
* Mon Nov 18 2024 Brian Stinson <bstinson@redhat.com> - 15.8-3.el10.centos
- Build shim-unsigned for CentOS Stream 10
Related: RHEL-4391
* Wed Feb 07 2024 Peter Jones <pjones@redhat.com> - 15.8-2.el9
- Rebuild to fix the commit ident and MAKEFLAGS
Resolves: RHEL-56466

BIN
vendordb.esl
View File

Binary file not shown.